Environment
- EDR Server: All Supported Versions
Question
A Nessus vulnerability scan reports that the EDR web server does not use a Content Security Policy frame-response header. Is this a true vulnerability?
Answer
This is not a vulnerability: the EDR web application serves the X-Frame-Options HTTP header. X-Frame-Options is the older way of accomplishing the same result as CSP, and it is the mechanism that older browser versions support.
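
To triage this kind of scanner finding, the following added example (not vendor code) classifies a response's anti-framing protection from its headers. It assumes the CSP directive in question is frame-ancestors, the directive that governs framing; the function names and the sample headers are constructed for illustration.

```python
# Added example: classify anti-framing protection from response headers.
# All header samples below are constructed, not captured from an EDR server.

def parse_xfo(values):
    """Return 'DENY', 'SAMEORIGIN', 'CONFLICT', or None for X-Frame-Options."""
    tokens = {t.strip().upper() for v in values for t in v.split(",") if t.strip()}
    if len(tokens) > 1:
        return "CONFLICT"                      # mixed values: misconfiguration to fix
    token = next(iter(tokens), None)
    # Obsolete ALLOW-FROM and unknown values are not counted as protection.
    return token if token in ("DENY", "SAMEORIGIN") else None

def frame_ancestors(csp_values):
    """Return the source list of every policy that sets frame-ancestors."""
    found = []
    for header in csp_values:
        for policy in header.split(","):       # one header may carry several policies
            for directive in policy.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    found.append([p.lower() for p in parts[1:]])
                    break                      # first occurrence wins within a policy
    return found

def framing_verdict(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    def get(name):
        return [v for k, v in headers if k.lower() == name]
    policies = frame_ancestors(get("content-security-policy"))
    if policies:
        # Every policy must allow the embedder, so one restrictive policy is enough.
        # Only a bare "*" source is treated as permissive in this example.
        if any("*" not in sources for sources in policies):
            return "protected: CSP frame-ancestors"
        return "weak: CSP frame-ancestors allows any origin"
    xfo = parse_xfo(get("x-frame-options"))
    if xfo == "CONFLICT":
        return "review: conflicting X-Frame-Options values"
    if xfo:
        return "protected: X-Frame-Options " + xfo
    return "unprotected: no anti-framing header"

# Constructed sample matching the article's case: X-Frame-Options set, no CSP.
XFO_ONLY = [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")]

if __name__ == "__main__":
    print(framing_verdict(XFO_ONLY))
```

A response in the "protected: X-Frame-Options" class is the situation described in the answer above: the scanner reports the missing CSP directive, but framing is still restricted.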